Salesforce Email Relay: Prevent Your Emails Going to Spam

Share this article...

Have you ever come across a scenario when emails sent from Salesforce are going to your spam folder? This continues even if you mark the email as ‘Not A Spam’. This situation can be resolved by using Salesforce’s Email Relay functionality. This comes in very handy when you do not want your users to miss on crucial notifications sent from Salesforce.

Email relay automatically routes Salesforce-generated emails through your company’s mail service. An email relay uses an email server to send emails that originated somewhere else.

Email Relay Setup:
1. For being able to use ‘Email Relay Action’ in Salesforce, the System Administrator has to perform the following steps:
Create a Support case with Salesforce Customer support to enable Email Relay in your organization. In the case details, provide the following information:

  • The organization ID for which you want the feature enabled.
  • The text: ‘Allow Email Relay Enablement.’

Note: System Administrator needs to perform this step only once. To check if the feature is enabled in your org or not, search for “Email Relay Activation” in setup. If you can see it, it is already enabled.

  1. From setup, enter Email Relays in the Quick Find box and select Email Relays.
  2. Select Create Email Relays. The following setting needs to be configured:
  • Enable SMTP Auth
  • Host
  • Password
  • Port
  • TLS Setting
  • Username

  1. Save the page and set up the Email domain Filter by searching Email Domain Filters in the Quick Find box in the setup.
  2. Select “Create Email Domain Filters”. Configure the following settings:
    • Sender Domain
    • Recipient Domain
    • Email Relay

Housekeeping steps for successfully setting up Email Relay

Setting correct Deliverability settings and email relay so as to prevent modification of envelope From address of the email sent and the return-path. Any change in the email headers affects email delivery to the email server. The following 2 settings in the email deliverability must be disabled:

a) Turn OFF “Activate Bounce Management”
b) Turn OFF “Enable compliance with standard email security mechanisms”

How to Secure Email Relay:

  • Have your email relay whitelist only the IPs you want to relay mail for (ours and any others)
  • Only relay mail that is sent using your mail domain
  • Enforce TLS (optionally set it to TLS required or required and verify the hostname on the certificate)
  • Have your relay verify the hostname on our certificate
  • Look for a header – X-SFDC-LK and ensure that it has your Org ID in it. Only relay mail from salesforce if it has the proper Org ID
  • Use DKIM signing in salesforce and only relay mail if the DKIM signature passes

Advantages of Email Relay

  • Apply existing content filters to scan messages for data and content not approved for company email.
  • Route all email through your own email servers to avoid the appearance of ’email spoofing’ forgeries.
  • Store copies of all email as required by government regulations in various industries.
  • Run outbound email through antivirus software before sending it to customers.
  • Automatically add data, such as company-wide disclaimers, at the bottom of email messages.

5 thoughts on “Salesforce Email Relay: Prevent Your Emails Going to Spam

  1. How do you configure email relay so that if an email is bounced, the bounce notification is shown in Salesforce?

  2. How does setting up email relay differ from creating a DKIM key when the end goal is to make sure the Salesforce email does not end up getting blocked by the recipient’s spam filter?
    (We have a scenario where some customers are receiving the mail, but the content (custom HTML template) is completely blank.

  3. Why would having Email Domain Filter cause messages from a Sandbox to not send (acts like it sends but user does not receive) while it does work in Prod? If I de-activate the email domain filter in the sandbox then messages are received as expected.

  4. It would be helpful to have more information on what this means: “Have your relay verify the hostname on our certificate” Does it mean Salesforce wide certificate or do you have to set up a self-signed certificate?

    Thank you!

Add Comment